VDB
RHSA-2026%3A29016
RHSA-2026%3A29016
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | libpng15-debuginfo-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debugsource-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debugsource-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debuginfo-0:1.5.30-7.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debugsource-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debuginfo-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debugsource-0:1.5.30-7.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debugsource-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debuginfo-0:1.5.30-7.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
| Red Hat | libpng15-debuginfo-0:1.5.30-7.el8_8.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8) | 1.5.30-7.el8 |
Timeline
- Jun 24, 2026 CVE Published
- Jun 25, 2026 CVE Updated
- Jun 25, 2026 Distribution Patch
- Jun 25, 2026 Distribution Patch
- Jun 25, 2026 Security Advisory
- Jun 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2026:29016 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2451805 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29016.json advisory
- https://access.redhat.com/security/cve/CVE-2026-33416 advisory
- https://www.cve.org/CVERecord?id=CVE-2026-33416 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33416 advisory
- https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb advisory
- https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667 advisory
- https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25 advisory
- https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1 advisory
- https://github.com/pnggroup/libpng/pull/824 advisory
- https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j advisory